The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in Eastern Daylight Time (UTC -4). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Using GitOps automation to deliver Kubernetes cloud native applications allows management of infrastructure in the same way you manage application code, but lacks the supply chain controls needed to ensure integrity and tamper-proof deployments. Whilst application source dependencies have quickly benefited from SBOMs, transparency logs, and cryptographic signatures, delivery side automation has not participated in the end to end integrity guarantees. Using CD Gitops, Kubernetes manifests are composed from multiple source assets, across several locations, each having their own potential sources of malicious or accidental tampering. Template based mutations occur throughout continuous deployment and prohibit typical signing and verification methods. This talk describes how a properly instrumented CD GitOps process can be extended to provide verification of source assets with cluster enforcement of signatures and policy permissions. By combining keyless signing via Sigstore and intersecting control points throughout GitOps, accurate cryptographic signing of source assets can be obtained and transparency of configuration provenance produced. Finally using an admission controller such as integrity shield, cluster enforcement validates pipeline integrity.
Yuji Watanabe is a Senior Technical Staff member at IBM Research that lives in Tokyo, Japan. He leads a research team on cloud native security and has been delivering new integrity monitoring and enforcement technology to the open-source community and products. His current focus is... Read More →
Hirokuni Kitahara is a Research Scientist at IBM Research that lives in Tokyo, Japan. His current focus is on software supply chain integrity for cloud native applications and has been delivering integrity assurance technology on CI/CD to open-source communities and products. He contributes... Read More →